Solved

ISA replacement

Posted on 2014-10-29
Last Modified: 2014-11-13
Does anyone have a recommendation for a replacement of MS ISA server? Need reverse proxy functionality. Cheers
Question by:bozo1701
5 Comments
 
LVL 37

Assisted Solution

by:Jian An Lim
Jian An Lim earned 500 total points
ID: 40412723
Depends on your size.
TMG is the last version of the reverse proxy in the Microsoft suite, and they are not going to develop their product further.

Outside Microsoft you have plenty of choices, depending on the size of your company.
You can choose software or an appliance.

For example, but not limited to:

Blue Coat

https://www.bluecoat.com/products/web-application-reverse-proxy

Squid
http://wiki.squid-cache.org/SquidFaq/ReverseProxy
0
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points
ID: 40412766
You can actually check on application delivery controllers such as F5 Networks or Citrix. The MS direct replacement is TMG/UAG, but TMG is going end of life in 2020, and there are features that will not be supported, as:
...there are some features that will suffer from degraded functionality beginning in 2016. Microsoft has announced that it will cease to support the URL Reputation Services (URS) that TMG relies on for web site categorization on December 31, 2015. Also, Microsoft will no longer produce anti-malware and Network Inspection System (NIS) signature updates past this date (although they will continue to function, albeit with outdated signature files).
Having said that, there are other providers supporting TMG though, such as Celestix MSA. http://www.celestix.com/best-forefront-tmg-2010-replacement-forefront-tmg-2010/

Forefront UAG can be used to publish internal servers via a Web portal or directly (similar to Forefront TMG). For website and VPN replacement use Direct Access, but do note that Direct Access is not a replacement for VPN in a few scenarios, e.g. VPN for external workers who shouldn't access all services as the company's workers do. Of course we can implement several Direct Access implementations in one company, but external workers are forced to have desktops in the company's domain.

F5 Networks
http://www.f5.com/pdf/white-papers/microsoft-threat-management-gateway-alternatives-white-paper.pdf

NetScaler
http://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/netscaler-a-comprehensive-replacement-for-microsoft-forefront-threat-management-gateway.pdf

For your interest, also on comparing Forefront UAG with TMG: http://www.isaserver.org/articles-tutorials/general/Should-replace-TMG-firewalls-with-UAG.html
To see the key differences between TMG and UAG, take a brief look at a few remote access features and how they differ (or don’t):

Application Intelligence and Publishing (UAG is better than TMG in most areas)
End Point Security (UAG is better than TMG in most areas)
SSL Tunneling (UAG is better than TMG in most areas)
Information Leakage Prevention (UAG is better than TMG in most areas)
Robust Authentication Support (KCD, ADFS, OTP) (UAG is more flexible)
Windows Server 2008, Native 64-Bit (same for both)
Product Certification (Common Criteria) (same for both)
NAP Integration (same for both)
Terminal Services Gateway Integration (easier to set up with UAG)
Web Farm Load Balancing (easier to set up with TMG)
Array Management (TMG more robust)
Enhanced Management and Monitoring (MOM Pack) (same for both)
Enhanced Mobile Solutions (UAG is better in most scenarios)
New and Customizable User Portal (N/A for TMG)
Wizard Driven Configuration (same for both)
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 40412822
There is also Sophos UTM as a TMG replacement from a UTM perspective, if it is a single proxy, and it may be optimal from a management perspective, but the roles and access control have to be thought through to ensure least privilege in such a single box.

http://www.isaserver.org/articles-tutorials/general/life-after-tmg-considering-sophos-utm-tmg-replacement-part1.html

One of the things that people really like about TMG is its application layer filtering, which allows you to control specific applications. Sophos UTM provides excellent visibility into the applications that are being used on your network and allows you to control access to them. You monitor Internet connections that are going through the firewall and you can see what’s happening as it happens, and set policies based on what you observe. You can also perform bandwidth shaping to give priority to certain business-critical applications.
0
 
LVL 40

Assisted Solution

by:noci
noci earned 500 total points
ID: 40412834
You can also build up a plain Unix/Linux box and use NGINX as a reverse proxy.
That would be the closest I can think of to getting to an ISA, including support for WebSockets etc.
Squid will miss out on that kind of processing.
0
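
A minimal sketch of the NGINX reverse proxy setup suggested in the answer above, with TLS termination and WebSocket pass-through. This is an added example, not configuration from any of the posters; the host name `app.example.com`, the backend address `10.0.0.10:8080`, the `/ws/` path and the certificate paths are placeholders.

```nginx
# Added example. These blocks belong inside the http { } context of nginx.conf.
# All names, addresses and paths below are placeholders.

# Send "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

upstream internal_app {
    server 10.0.0.10:8080;          # internal server being published
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Ordinary HTTP traffic: pass the original host and client address on.
    location / {
        proxy_pass http://internal_app;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # WebSocket endpoint: Upgrade/Connection are hop-by-hop headers and
    # are not forwarded unless set explicitly.
    location /ws/ {
        proxy_pass http://internal_app;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_read_timeout 300s;    # keep idle sockets open longer than the 60s default
    }
}

# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}
```

Running `nginx -t` validates the syntax before a reload.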
 

Author Closing Comment

by:bozo1701
ID: 40440901
Thanks all for your suggestions. They are all a potential replacement, it seems. Looks like we will go with the F5 solution - expensive but solid.
0
